Re: [pmfirewall] $OUTERNET vs $REMOTENET


From: John Frey (johnf@goldcircuit.com)
Date: Tue Nov 14 2000 - 11:15:04 PST


> So these statements have to do with Internal packets getting out more so than
> external packets access in? Well, what I'm really trying to make sure is
> let's say that I have the following line:
>
> $IPCHAINS -A input -p tcp -s 1.2.3.4/32 -d $OUTERNET 22 -j ACCEPT
>
> This allows only 1.2.3.4 to SSH in and everyone else would be
> denied/rejected.
>

No, the FORM (since /32 is an impossible network mask) that the "-s" IP is in
would allow anyone on the 1.x.x.x network or 1.2.x.x network or 1.2.3.x
network, depending on what the network mask is ( /8 - /29 ).

If the source statement is "-s 1.2.3.4", then only the HOST 1.2.3.4 would be
allowed to SSH in.

If the source statement is "-s 1.2.3.4/12", then ANY host on the
1.0.0.0/255.240.0.0 network (1.0.0.1 - 1.15.255.254) would be able to SSH in
to this host.

Hope this helps

John
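
An added example, not part of the original message: a short Python check that reports the address range each `-s` form from this thread covers and flags a source that has host bits set yet matches more than one address. It uses standard CIDR arithmetic from Python's `ipaddress` module (a bare address or a /32 is one address); the function names and the two variant rule lines are constructed for illustration.

```python
import ipaddress
import shlex

def source_scope(rule):
    """Describe what the -s operand of one ipchains rule line matches."""
    tokens = shlex.split(rule)
    if "-s" not in tokens:
        spec = "0.0.0.0/0"            # no -s given: any source matches
    else:
        i = tokens.index("-s") + 1
        if tokens[i] == "!":          # negated match: the scope is what is excluded
            i += 1
        spec = tokens[i]
    iface = ipaddress.ip_interface(spec)   # accepts /12 and /255.240.0.0 alike
    net = iface.network
    if net.prefixlen >= 31:           # no separate network/broadcast address
        first, last = net.network_address, net.broadcast_address
    else:
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "spec": spec,
        "network": str(net),
        "netmask": str(net.netmask),
        "first": str(first),
        "last": str(last),
        "addresses": net.num_addresses,
        # Host bits set under a short mask usually means a host was intended.
        "host_bits_set": iface.ip != net.network_address,
    }

def audit(rules):
    """Return the -s specs that look like one host but match a whole network."""
    scopes = [source_scope(r) for r in rules]
    return [s["spec"] for s in scopes if s["host_bits_set"] and s["addresses"] > 1]

# First line is the rule quoted in the thread; the other two are constructed variants.
RULES = [
    "$IPCHAINS -A input -p tcp -s 1.2.3.4/32 -d $OUTERNET 22 -j ACCEPT",
    "$IPCHAINS -A input -p tcp -s 1.2.3.4 -d $OUTERNET 22 -j ACCEPT",
    "$IPCHAINS -A input -p tcp -s 1.2.3.4/12 -d $OUTERNET 22 -j ACCEPT",
]

if __name__ == "__main__":
    for rule in RULES:
        s = source_scope(rule)
        print(f'{s["spec"]:<12} {s["network"]:<12} {s["first"]} - {s["last"]} ({s["addresses"]} addresses)')
    print("wider than intended:", audit(RULES))
```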




This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:37:49 PDT